This privacy statement and customer privacy notice describes how Solutionpath Ltd collects and uses personal information and data when you engage with our website and also how we conform to our General Data Protection Regulations (GDPR) and domestic data protection legislation responsibilities when you become a valued customer of our product. This document has been produced to address both scenarios of web data usage and data used in our products.
Your privacy is important to Solutionpath Ltd. This privacy statement provides information about the personal information that Solutionpath Ltd collects through your engagement with our website, and the ways in which Solutionpath Ltd uses that personal information.
Solutionpath Ltd may collect and use the following kinds of personal information:
Solutionpath Ltd may use your personal information to:
Solutionpath Ltd will not use your personal information :
Where Solutionpath Ltd discloses your personal information to its agents or sub-contractors for these purposes, the agent or sub-contractor in question will be obligated to use that personal information in accordance with the terms of this privacy statement.
In addition to the disclosures reasonably necessary for the purposes identified elsewhere above, Solutionpath Ltd may disclose your personal information to the extent that it’s required to do so by law, in connection with any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend its legal rights.
Solutionpath Ltd will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
Solutionpath Ltd will store all the personal information you provide on its secure servers.
Information relating to electronic transactions entered into via this website will be protected by encryption technology.
Information that Solutionpath Ltd collects may be stored and processed in and transferred between any of the countries in which Solutionpath Ltd operates to enable the use of the information in accordance with this privacy policy.
In addition, personal information that you submit for publication on the website will be published on the internet and may be available around the world.
You agree to such cross-border transfers of personal information.
Our Website, Solutionpath Ltd uses cookies to improve the user-friendliness and functionality of our website. By using our website, you consent to our use of cookies.
Solutionpath Ltd may update this privacy policy by posting a new version on this website.
You should check this page occasionally to ensure you’re familiar with any changes.
This website contains links to other websites.
Solutionpath Ltd isn’t responsible for the privacy policies or practices of any third party.
If you’ve any questions about this privacy policy or Solutionpath Ltd’s treatment of your personal information, please write:
POL-Information Security Policy Statement
POL-Quality & Environmental Policy Statement
POL-Solutionpath Ethical Standards Policy Statement
POL-Solutionpath Sustainability Policy
Solutionpath Limited (the Company) is aware of its obligations under the General Data Protection Regulation (GDPR) and domestic data protection legislation and is committed to processing our customers data securely and transparently. This privacy notice sets out, in line with current data protection obligations, the types of data that we process on your behalf as a customer of the Company’ products. It also sets out how we use that information, how long we keep it for and other relevant information about your data.
This notice applies to current and former customers.
The Company is a data processor, meaning the natural or legal person, public authority, agency or other body which processes personal data on behalf of a data controller.
The Company acts as data processor on behalf of our customers (data controllers) and under our customers authority. In doing so, we serve our customers interests rather than our own.
Although as a Company we make our own day-to-day operational decisions, we comply with Article 29 which means we only process our customers personal data in line with their (data controller’s) instructions, unless it is required to do otherwise by law.
If the Company acts without our customers (data controller’s) instructions in such a way that it determines the purpose and means of processing, including to comply with a statutory obligation, we will be a controller in respect of that processing and will have the same liability as our customer (data controller).
The Company contact details are as follows:
Company Registered Address: Solutionpath Limited, DTP House, 4 Bowcliffe Road, LEEDS, West Yorkshire, LS10 1HB, United Kingdom.
Solutionpath Office Address: Solutionpath Limited, Floor 2, Mill 7, Mabgate Mills, LEEDS, West Yorkshire, LS9 7DZ.
In relation to customers personal data, we will:
Depending on our data sharing agreement with you (please refer to your data sharing agreement for completeness). We may hold many types of data, such as (& not limited to):
We collect data about your staff and students in a variety of ways and this will usually start when we undertake a data ingestion using data feeds where we will either collect the data from customers directly or via an API. This includes the data our customers would normally collect while either recruiting their staff or enrolling their students.
Personal data is kept in either your on-premise database or within the AWS cloud (if you are a cloud customer).
Data will either come from source systems. These will be sourced via a secured encrypted route and physically located either within an Amazon Web Services (AWS) UK (London region) only or, in an on-premise server of the customer’s choice.
The law on data protection allows us to process your data for certain reasons only:
All of the processing carried out by us falls into one of the permitted reasons. Generally, we will rely on the first three reasons set out above to process your data. For example, we need to collect personal data in order to:
We need to collect your data to ensure we are complying with legal requirements such as:
We also collect data so that we can carry out activities which are in the legitimate interests of our customers. We have set these out below:
We will not process special categories of data unless you have requested that we do so within the parameters of our contract with you. In these circumstances we must process special categories of data in accordance with more stringent guidelines. Most commonly, we will process special categories of data when the following applies:
We will use your special category data:
We do not need your consent if we use special categories of personal data in order to carry out our legal obligations or exercise specific rights under specific law. However, we may ask for your consent to allow us to process certain particularly sensitive data. If this occurs, you will be made fully aware of the reasons for the processing. As with all cases of seeking consent from you, you will have full control over your decision to give or withhold consent. Consent, once given, may be withdrawn at any time.
One of the reasons for processing your data is to allow us to carry out our duties in line with your contract with us. If you do not provide us with the data needed to do this, we will be unable to perform those duties and unable to fulfil our contract with you.
Your data will be shared with colleagues within the Company where it is necessary for them to undertake their duties. This includes, for example, sharing your data with analysts and developers to create a personalised dashboard experience.
We may also share your data with third parties as part of a Company sale or restructure, or for other reasons to comply with a legal obligation upon us.
We do not share your data with bodies outside of the European Economic Area.
The Company will take reasonable technical and organisational precautions to prevent the loss, misuse, or alteration of your personal information.
The Company will store all the personal information you provide on its secure cloud servers.
Information will be protected by encryption technology. The company and our service providers (e.g., AWS) follow certified systems of control (ISO 27001) that are independently certified.
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction, and abuse. We have implemented processes and policies to guard against such as:
The full suite of information Security procedures are held within our Company Integrated Management System – Information Security Folder. Below is a list of some of the control procedures we have implemented to protect customers data
We do not share customers data with third parties, unless expressly authorised by customers, or where required by law, where we provide written instructions to them to ensure that your data are held securely and in line with current data protection requirements. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.
In line with data protection principles, we only keep your data for as long as we need it, which will be at least for the duration of your contract with us though in some cases we will keep your data for a period after your contract has ended, up to a maximum 7 years.
No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human intervention).
The law on data protection gives you certain rights in relation to the data we hold about you. These are:
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
If you wish to exercise any of the rights explained above, please refer to POL-Solutionpath Right to Erasure and Subject Access Rights Policy and Procedure.
The supervisory authority in the UK for data protection matters is the Information Commissioner’s Office (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO. The ICO helpline is 0303 123 1113.
The Company’s Data Protection Officer is Richard Gascoigne who can be contacted on email: dataprotection@solutionpath.co.uk or Telephone: 0113 385 2694.